
:white_square_button: Decap

Scan PCAP Files for Security Issues

Analyzing a PCAP file during a forensic investigation or incident response takes a long time. In such cases, the Decap tool helps you run an initial scan of the PCAP file.

:ledger: Features

  • Get the security reputation of IP addresses.
  • Get the security reputation of URLs.
  • Get MAC addresses and vendor names.
  • Check for the existence of suspicious network ports.
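
To show what this kind of first-pass scan involves, here is an added example (not Decap's own code, which uses scapy and OTXv2) that collects source MAC addresses, IPv4 addresses and watch-listed ports from a classic Ethernet pcap using only the Python standard library. The port watch list, the function names and the sample capture are assumptions constructed for illustration; the reputation and vendor lookups are left out because they need an Internet connection.

```python
import struct

# Illustrative watch list (assumption, not Decap's list): ports worth a second look.
SUSPICIOUS_PORTS = {23: "telnet", 445: "smb", 3389: "rdp", 4444: "often-seen listener port"}

def triage_pcap(data: bytes) -> dict:
    """Collect source MACs, IPv4 addresses and watch-listed TCP/UDP ports from a classic pcap."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    macs, ips, hits = set(), set(), set()
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        macs.add(frame[6:12].hex(":"))  # source MAC
        ihl = (frame[14] & 0x0F) * 4    # IPv4 header length in bytes
        src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
        ips.update((src, dst))
        l4 = frame[14 + ihl:]
        if frame[23] in (6, 17) and len(l4) >= 4:  # TCP or UDP
            for port in struct.unpack("!HH", l4[:4]):
                if port in SUSPICIOUS_PORTS:
                    hits.add((src, dst, port, SUSPICIOUS_PORTS[port]))
    return {"macs": macs, "ips": ips, "suspicious": hits}

def build_sample_pcap() -> bytes:
    """Constructed capture: one TCP segment 192.0.2.10:49152 -> 198.51.100.7:4444."""
    eth = bytes.fromhex("0242ac110002") + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 4444, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frame = eth + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    print(triage_pcap(build_sample_pcap()))
```

A port match is only a lead for further review: the same port numbers also carry legitimate traffic, so each hit still needs the reputation checks listed above.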

:beginner: Requirements

  • The Decap tool requires an Internet connection.
  • The Decap tool is built with PowerShell and Python. If you are using the Decap tool for the first time, install the required Python modules by running the commands below:
    pip install scapy
    pip install OTXv2

:black_square_button: How to Run

  • Open the Command Prompt (cmd.exe) and go to the Decap tool's folder. For example, if your Decap folder location is 'E:\Downloads\decap-main', run the command below:
    cd E:\Downloads\decap-main
  • Now use the command below to run the Decap tool:
    powershell -File decap.ps1 file.pcap

    Replace file.pcap with your PCAP file location. For example, if you want to scan the 'E:\Packets\file.pcap' file, run the command below:
    powershell -File decap.ps1 E:\Packets\file.pcap

:toolbox: Don't have a PCAP file?

  • You can download PCAP files of malware-infected networks from Malware Traffic Analysis. The password of the ZIP file is 'infected'.
  • You can also download PCAP files from Netresec.

Open Source Agenda is not affiliated with the "Decap" project. README source: mamun-sec/decap